In reponse to a previous post a colleague of mine sent me a great demo she’d created demonstrating how inking can be done in an actual EMR program. While I think a doctor really needs to get into an EMR and see how a specific EMR handles inking and how a specific doctor’s writing style effects inking, this demo is well worth watching to see how it can be done. Check it out and let me know what you think.

Great EMR Inking Demo

Thanks DuckNet for the great example!!

I don’t know how many people have used OneNote that is usually meant for tablet pc’s, but it has a great feature that allows you to record a meeting’s audio and take notes at the same time. Later if you want to listen to the meeting you can replay the audio. More importantly, you can choose somewhere in your notes and it will take you to the audio that was being recorded when you took that note.

My next question is why couldn’t you integrate this type of feature into an EMR? While you’re taking notes on a patient you could record what they’re telling you. Then, you have everything they told you synchronized with the notes you take. Granted some of the synchronization might be tough since you might not be typing while they’re talking. However, why not take it a step further? Record the entire visit and synchronize the video with the EMR notes you take during the encounter. How nice would it be to just pull up the video to remember what was said when you are doing your charting later in the day? Legally I think it has pros and cons. You know exactly what was said and so you can prove that everything was appropriate. Although, I think the other side is a valid legal issue too since they might have said something you didn’t pick up and then you’d be responsible for that.

There are some interesting technical problems with this. Most important is the amount of disk space you would need to do this type of recording. This will probably make it cost prohibitive for a little while longer. SANS need to come down in price first. Having this much disk space is just a matter of time. Only a few years ago we had a computer with a 5 gig hard drive. It’s tough to buy smaller than 32 gig drives these days with 300 gig drives available. Also, adding this type of advanced functionality is no small task. Any EMR companies willing to take this task on board? Probably not until the market starts demanding it. How about a University researching EMR (although I’ve heard this doesn’t exist) working on a solution?

Think about it. Could having a video recording revolutionize the way you chart? Do you really need to chart everything they’ve said since you have it on recording? Your charting could just consist of your observations(although you could record these on video in front of the patient) and the assessment and plan. Ok, so I’m not a doctor, but if you’re a doctor reading this I’m sure you can see how this could change the way you chart.

I think I might need to post this idea to the Microsoft Healthcare blog I visit on occasion and see what he has to say about the idea. If Microsoft builds the technology that could be a nice cash cow for them.

When I first saw a Tablet PC I was impressed and amazed at its ability to recognize handwriting. It is a fabolous invention and really incredible technology. More importantly I saw the tablet as a great way to sit back and read your favorite websites kicked back on your couch while connecting wirelessly to the internet. I finally got a tablet and have been less than impressed. I still find the technology quite impressive, but I find myself cursing the tablet over and over again when trying to do simple data entry. I think the problem is the precision that is required in my searching and surfing habits. You can’t type in www.eNrupdate.com and get to emrupdate.com. That small inconsistency ruins my whole surfing experience and while Windows has made a good attempt to resolve these issues I still get frustrated using it. At least when I’m searching google and I spell something wrong google tries to correct my poor tablet handwriting and correct it for me (which I often utilize).

Overall I just find tablets more frustrating than useful even if the technology is impressive. I know there are quite a few tablet spefic EMR’s out there that must have taken this into account. I just don’t see how you can manage if it is converting your handwriting into text. It makes sense if it leaves it as handwriting and doesn’t try to understand your scribbles.

I do have to add one caveat to tablet use that I think is a viable reason to have tablets. Electronic Signatures. If (and when) EMR programs support electronic signatures using a tablet PC then even if you don’t use all the other bells and whistles it would be worth having a tablet to avoid more paper.

Multiple Users
In my continuing Biometrics experience I found some interesting problems when multiple people use the same computer. This isn’t a problem when you have a tablet or convertible that is dedicated to a specific doctor or nurse. Once you place a computer in an exam room and want mutliple doctors and nurses to use EMR on the same computer you have a major problem.

The worst solution is to make each doctor or nurse log in and out of windows. Otherwise, the biometrics software can only allow the person who logged into windows log into the EMR. We all know how long it takes for Windows to log in and out and so that’s not an option. By the time you are logged in and out of Windows you will have no need for the computer, because your visit with the patient will be done. This is ideal for those counseling centers using EMR. It’s not unreasonable for them to log in and out because they don’t share computers as much and often are going to spend a long period of time charting their clients.

What’s the solution? The key is that you want the computer locked so you have good security, but you don’t want to have to log the windows user in and out of the system. My friends (at least they better be friends since I’m writing such nice things about them) at Digital Persona have a solution they’ve created for just this problem. It’s been termed to me as their “kiosk” software.

This kiosk software was described to me as being able to have a generic windows login to a “kiosk” computer. This “kiosk” computer in our example would be a computer in an exam room. Many of you HIPAA experts out there may be ready to scream VIOLATION at the thought of a generic login shared by multiple users. Have no fear! This isn’t the EMR and HIPAA log for nothing. A generic windows login really isn’t a problem in this case because it is all integrated with active directory. You set a group policy that allows a group of users access to that generic login. Only those users will be able to use the generic login and unlock the computer. Furthermore, every time the generic login is used it is all nicely logged by the biometrics software for future security needs. Isn’t that great?

One caveat is that Digital Persona’s “kiosk” software must be tied to their active directory server software which I’ve mentioned before.

The best summary is one computer used by multiple users using biometrics to securely log into EMR.

Today I was approached by a part time doctor who has been working in the clinic that I support. He is starting a new medical practice and expressed in a very excited nature his need to get an EMR with integrated billing. In fact, he repeated his need to get an EMR quick. I of course told him the proper answer(in my mind).
“I can’t just tell you XYZ vendor is the best EMR for you and your practice without knowing how you want to practice medicine and which type of data entry and flow works best for you. There are too many choices out there. I could give you a list of good choices that you would need to test and see which one fits your style.”

My counsel to Doctors is this: EMR’s are like wives. Everyone likes them a little different. So, don’t ask me which EMR you should marry until you tell me what things you like. In fact, this exposes the real issue. What do you really want in an EMR? Knowing this takes time. Don’t rush it.

I’ve been coming accross a few different EMR and Health Information Management organizations that I probably should have known about if I was going to claim to have an EMR blog. Here’s are a few that I have found during my start into EMR blogging. I admit that I’ve only found a couple so far, but I figured if I posted the few that I’ve found here I might here from some of my readers on other organizations I should know about and follow.
HIMSS – Healthcare Information and Management Systems Society
TEPR – Towards the Electronic Patient Record

ASTM – Continuity of Care Record(CCR) Standard
HL7 – HL7 Standard

I know I’m missing a lot, but I’m sure my trusty readers will let me know of any others worth mentioning. I also must admit that I wish I would have gone to either the HIMSS or TEPR conference this year. I should have planned better. The HIMSS 2006 would have been really cool because I could have gone to the blogger meetup. Maybe next year.

I’ve been sad about the amount of RAM that comes in a Tablet(convertible and laptops included). Windows applications including most EMR programs are RAM hogs(although so far Lotus Notes, graphics programs and stats programs takes the cake). Plus, I think RAM is one of the most important keys to speed in a computer and the tablets I’ve seen are only coming with 512 MB of RAM. In fact, many of them are offered with only 256 MB of RAM. When I first went to order convertible tablets for my EMR they were quoted with only 256 MB of RAM. I don’t know what I would have done if I didn’t go through the hassle of changing it to 512 MB of Ram.

I have been doing some tests lately and seen that most windows and EMR programs work fine with 512 MB of RAM. However, I just got a new computer with 2 Gigs of RAM and I’ve been amazed how the RAM has just gotten eaten up (by my EMR program and other programs). 2 Gigs of RAM is really plenty of RAM and I’m not even getting close to that. However, I’m using much more than 512 MB of Ram. I’ve only seen 1 gig of ram in any reasonably priced tablets. They don’t even touch 2 gigs of ram yet. RAM has gotten cheap and I’m not sure why we can’t get more RAM in these tablets.

Tablet Manufacturers – Please give us more RAM!!

If you’ve been reading my blog for some time you know that I’m currently testing some great biometrics products from DigitalPersona. I’ve been pretty impressed with what they have to offer and their support. In fact, I’ve been taking it around to everyone showing them how cool it is. It still amazes me each time it recognizes my fingerprint and no one elses.

Now that I’m past that emotional connection I’ve started at looking at biometrics accuracy and security. This is a huge issue, because I don’t want anyone not getting in that shouldn’t be in. Possibly more important (unless you’re the HIPAA police reading) is you being the correct person and the reader not recognizing who you are. As usual these two items are at odds. You can’t keep everyone out and still ensure that it will ALWAYS recognize your fingerprint. You’ll always have a tradeoff.

In my conversations with DigitalPersona I was introduced to 2 terms FAR – False Accept Rate and FRR – False Reject Rate. I’m told this is a common term used by all biometrics companies. Essentially this tells you how many times you can expect to get an unauthorized use accessing a machine or the number of times an authorized user can’t access a machine. As you increase the FAR for security then the FRR will increase and vice versa.

The coolest part of this all is that you get to actually choose what FRR and FAR you want (at least with the biometrics I’m testing). From my limited knowledge biometrics is matching the points and curves on your fingerprint and then exporting it to a binary file. Then, in the future it creates another binary file and matches those points. If you increase the number of points it has to match then the False Reject Rate goes up, but the False Accept Rate goes down.

What does this mean for an EMR wanting to use biometrics? You are going to have to decide what FRR and FAR you are ok with. In the end if you have documented a well thought out reason then HIPAA security issues won’t be a problem. However, if you just say I always want to let my users get in regardless of the security implementation then you might have a HIPAA problem. My suggestion would be to follow the biometrics vendor’s suggestion and use their skill as the basis for your security. Never go under what the vendor suggests for security. That should raise a huge red flag. Otherwise, biometrics is a great technology with great security benefits and less password support requests.

The HIPAA enforcement rule is published.

Rick Brady mentioned that “HIPAA has no teeth.” I agree in principle. Martin Jensen mentioned that he used to agree with it not having teeth until he had a conversation with one of the regulators.

I think there are really a few important points. The penalties really are rather small and incosequential compared to the costs of compliancy. Every good business has to weigh those two factors. However, the more difficult concept to calculate is the shame of a HIPAA violation. I can tell you now that this is something for which people are very interested. The most often google search I get is for HIPAA Lawsuits. People are scared of this possibility and want to know who is going to take the fall at HIPAA’s hands. I really feel like I’m stuck between a rock and a hard place. HIPAA compliancy and budgeting.

My only relief is in the following excerpt:

[A] civil money penalty may not be imposed ‘‘if it is established to the satisfaction of the Secretary that the person liable for the penalty did not know, and by exercising reasonable diligence would not have known, that such person violated the provision’’,…if the failure to comply was due ‘‘to reasonable cause and not to willful neglect’’ and is corrected within a certain time, [and] a civil money penalty may be reduced or entirely waived ‘‘to the extent that the payment of such penalty would be excessive relative to the compliance failure involved.’’

A recent article in the Washington Post described a new program where the reports of blood sugar testing had to be reported to the city. I don’t think the writer really knows what they’re talking about since they said

Specifically, if you live in New York and have trouble resisting sweets, your doctor may soon receive a call from the health department suggesting that he or she needs to persuade you to change your lifestyle.

There is no way this is going to happen. It goes against all privacy policies and the city has no business doing it. This information is only going to be used for cumulative general information on trends within the city.

Regardless of this reporter’s inability to report what’s really going to happen he does make a good point

The emerging question is whether medical privacy is a basic right or something more akin to a privilege for which those who want it should pay, rather than shifting the cost to others.

It brings out two fundamental points. First, is it a fundamental(and I would say constitutional) right for someone to have their patient information kept private? I can’t say I’ve really formed an opinion on the subject. I really feel that it definitely can avoid a lot of problems. We all know the example of a parent who finds out about a child’s bad behavior. There are many more that I’m sure you’ve all heard. This is important, but often I’ve personally wondered why most people would really care. Don’t get me wrong, I don’t want my patient information flopping around like it is the recent basketball scores. However, if my information is useful to help make progress in the health arena then why not? Not to mention I really have nothing to hide. If you asked me I’d probably just tell you anyway. The real question is how do you define which organizations are going to use it for “good” and who is going to do untold things with that data? I sure wish I had the answer to that question.

The second point I found even more interesting. I don’t really care too much about my electronic medical record being private. Many people I’m sure have very strong feelings about their medical privacy. If this is the case, then let them pay for that right. Not an easy task to set up, but I think many people faced with a stack of money versus the security of their patient history would probably take the money. Put money on the line and you really get to see what people find important.

It’s a very complex issue that I don’t have the answers to(and quite frankly I could easily change my opinion either way at this point), but I thought these points were some good food for thought.